diff options
Diffstat (limited to 'source3/auth/auth_util.c')
| -rw-r--r-- | source3/auth/auth_util.c | 54 |
1 files changed, 39 insertions, 15 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 98ecd00d1c..e4793c3df3 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -493,6 +493,11 @@ void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token) for (i = 0; i < token->num_sids; i++) DEBUGADDC(dbg_class, dbg_lev, ("SID[%3lu]: %s\n", (unsigned long)i, sid_to_string(sid_str, &token->user_sids[i]))); + + DEBUGADDC(dbg_class, dbg_lev, ("Privileges: [%d]\n", token->privileges.count)); + for ( i=0; i<token->privileges.count; i++ ) { + DEBUGADDC(dbg_class, dbg_lev, ("\t%s\n", luid_to_privilege_name(&token->privileges.set[i].luid) )); + } } /**************************************************************************** @@ -583,6 +588,13 @@ static NTSTATUS create_nt_user_token(const DOM_SID *user_sid, const DOM_SID *gro ptoken->num_sids--; } } + + /* add privileges assigned to this user */ + + privilege_set_init( &ptoken->privileges ); + + get_privileges_for_sids( &ptoken->privileges, ptoken->user_sids, ptoken->num_sids ); + debug_nt_user_token(DBGC_AUTH, 10, ptoken); @@ -1410,12 +1422,15 @@ BOOL make_auth_methods(struct auth_context *auth_context, auth_methods **auth_me void delete_nt_token(NT_USER_TOKEN **pptoken) { - if (*pptoken) { - NT_USER_TOKEN *ptoken = *pptoken; - SAFE_FREE( ptoken->user_sids ); - ZERO_STRUCTP(ptoken); - } - SAFE_FREE(*pptoken); + if (*pptoken) { + NT_USER_TOKEN *ptoken = *pptoken; + + SAFE_FREE( ptoken->user_sids ); + privilege_set_free( &ptoken->privileges ); + + ZERO_STRUCTP(ptoken); + } + SAFE_FREE(*pptoken); } /**************************************************************************** @@ -1429,17 +1444,26 @@ NT_USER_TOKEN *dup_nt_token(NT_USER_TOKEN *ptoken) if (!ptoken) return NULL; - if ((token = SMB_MALLOC_P(NT_USER_TOKEN)) == NULL) - return NULL; - - ZERO_STRUCTP(token); + if ((token = SMB_MALLOC_P(NT_USER_TOKEN)) == NULL) + return NULL; - if ((token->user_sids = (DOM_SID *)memdup( ptoken->user_sids, sizeof(DOM_SID) * ptoken->num_sids )) == NULL) { - SAFE_FREE(token); - return NULL; - } + ZERO_STRUCTP(token); + + token->user_sids = (DOM_SID *)memdup( ptoken->user_sids, sizeof(DOM_SID) * ptoken->num_sids ); + + if ( !token ) { + SAFE_FREE(token); + return NULL; + } - token->num_sids = ptoken->num_sids; + token->num_sids = ptoken->num_sids; + + /* copy the privileges; don't consider failure to be critical here */ + + privilege_set_init( &token->privileges); + if ( !dup_privilege_set( &token->privileges, &ptoken->privileges ) ) { + DEBUG(0,("dup_nt_token: Failure to copy PRIVILEGE_SET!. Continuing with 0 privileges assigned.\n")); + } return token; } |